##
## A playbook to set up a Nagios 4 server
##

## Setup the initial user and groups.
- name: Add nagios group as 420
  # System group with a pinned GID (420) rather than an auto-assigned one.
  group:
    name: nagios
    gid: 420
    state: present
    system: true
  tags:
    - nagios_server

- name: Add nagios user as 420
  # System account with a pinned UID (420) and its home in /var/spool/nagios.
  # NOTE(review): the service account is given an interactive shell
  # (/bin/bash); confirm something actually needs it, since a non-login shell
  # is the usual choice for a daemon account.
  user:
    name: nagios
    uid: 420
    state: present
    home: /var/spool/nagios
    comment: Nagios Monitoring User
    createhome: true
    system: true
    shell: /bin/bash
  tags:
    - nagios_server

# Add the apache user to the nagios group so that httpd has the group's
# permissions on /var/spool/nagios/*.
# NOTE(review): membership hands the web server every group-level permission
# the nagios group holds, so group-writable paths should stay as few as possible.
- name: Add apache to nagios group
  user:
    name: apache
    # append keeps apache's existing supplementary groups instead of replacing them.
    append: true
    groups: nagios
  tags:
    - nagios_server

## Install the initial packages for the group.
- name: Install nagios packages
  # Installs Nagios, its check plugins, the SELinux policy packages
  # (nagios-selinux, nrpe-selinux), stunnel and the httpd GSSAPI auth module.
  # state=present installs a package if missing and does not upgrade one that
  # is already installed.
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - php
    - nagios.x86_64
    - nagios-selinux
    - nrpe-selinux
    - nagios-plugins
    - nagios-plugins-dig
    - nagios-plugins-disk
    - nagios-plugins-dns
    - nagios-plugins-dummy
    - nagios-plugins-file_age
    - nagios-plugins-http
    - nagios-plugins-load
    - nagios-plugins-nagios
    - nagios-plugins-nrpe
    - nagios-plugins-perl
    - nagios-plugins-pgsql
    - nagios-plugins-ping
    - nagios-plugins-procs
    - nagios-plugins-smtp
    - nagios-plugins-ssh
    - nagios-plugins-swap
    - nagios-plugins-tcp
    - nagios-plugins-users
    - perl-Mail-IMAPClient
    - stunnel
    - mod_auth_gssapi
  tags:
    - nagios_server

- name: Install the SSL apache module
  # Only the external production server gets mod_ssl (both conditions must hold).
  # NOTE(review): this task carries no tags, so a run limited with --tags
  # skips it; confirm that is intended.
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - mod_ssl
  when:
    - env == "production"
    - nagios_location == "external"


## Copy over the httpd SSL certs for external
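- name: Install the SSL cert so that we can use https
  # Copies the certificate, its intermediate and the private key from the
  # private files tree. All three land in /etc/pki/tls/certs, so the
  # root-only 0600 mode is what protects the key.
  copy:
    src: "{{ private }}/files/httpd/{{ item }}"
    dest: "/etc/pki/tls/certs/{{ item }}"
    owner: root
    group: root
    mode: "0600"
  # One of the items is the TLS private key: never render file contents into
  # the run output, even when the play is started with --diff.
  diff: false
  when:
    - env == "production"
    - nagios_location == "external"
  with_items:
    - noc02.fedoraproject.org.cert
    - noc02.fedoraproject.org.key
    - noc02.fedoraproject.org.intermediate.cert
  tags:
    - config
    - httpd/certificate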


## Setup directories for files to be copied
- name: Create or confirm directories to be made
  # Mode 2755: setgid directories owned by root with group sysadmin-main;
  # neither the group nor others get the write bit.
  # NOTE(review): this task carries no tags, unlike most tasks in this file.
  file:
    dest: "{{ item }}"
    mode: "2755"
    owner: root
    group: sysadmin-main
    state: directory
  with_items:
    - /etc/nagios/commands
    - /etc/nagios/contacts
    - /etc/nagios/contactgroups
    - /etc/nagios/hosts
    - /etc/nagios/hostgroups
    - /etc/nagios/services
    - /etc/nagios/servicegroups
    - /etc/nagios/conf.d
    - /usr/lib64/nagios/plugins/
    - /usr/lib64/nagios/plugins/eventhandlers/

## Remove the items we don't want
- name: Nuke default nagios passwd
  # Ensures /etc/nagios/passwd does not exist on the server.
  # NOTE(review): presumably this is the packaged default password file; with
  # it gone, web authentication has to come from the httpd configuration
  # (mod_auth_gssapi is installed by this role) - confirm against the template.
  file:
    dest: /etc/nagios/passwd
    state: absent
  tags:
    - nagios_server

- name: Nuke default nagios objects
  # Ensures /etc/nagios/objects is absent, so only the object definitions
  # shipped by this role remain under /etc/nagios.
  file:
    dest: /etc/nagios/objects
    state: absent
  tags:
    - nagios_server

## Copy over system configs
- name: Copy specialized nrpe.cfg for nagios server
  # Root-owned and not writable by anyone else (0644); a change triggers the
  # "restart nrpe" handler.
  copy:
    src: nrpe/nrpe.cfg
    dest: /etc/nagios/nrpe.cfg
    owner: root
    group: root
    mode: "0644"
  tags:
    - config
    - nagios_server
  notify:
    - restart nrpe

## Copy over the nagios configs
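- name: Copy /etc/nagios/conf.d/*cfg files
  # Ownership and mode are pinned explicitly, matching the nagios.cfg task in
  # this file, instead of depending on the umask of the run or on whatever
  # permissions an existing file already has.
  copy:
    src: "nagios/configs/{{ item }}"
    dest: "/etc/nagios/conf.d/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - escalations.cfg
    - timeperiods.cfg
  tags:
    - config
    - nagios_server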

- name: Copy over the main conf file
  # dest names the /etc/nagios directory, so the file keeps its source name.
  # NOTE(review): unlike the other nagios config tasks, no handler is notified
  # here - confirm a changed nagios.cfg gets picked up some other way.
  copy:
    src: nagios/configs/nagios.cfg
    dest: /etc/nagios
    owner: root
    group: root
    mode: "0644"
  tags:
    - config
    - nagios_server


## Copy over the command scripts
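- name: Copy /etc/nagios/commands
  # Files under /etc/nagios/commands are written root-owned and 0644, the same
  # permissions the templated files in that directory get elsewhere in this
  # file, instead of whatever the umask or an existing file provides.
  copy:
    src: "nagios/commands/{{ item }}"
    dest: "/etc/nagios/commands/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - disk.cfg
    - dns.cfg
    - git.cfg
    - httpd.cfg
    - koji.cfg
    - local.cfg
    - mailman.cfg
    - misc.cfg
    - notify.cfg
    - nrpe.cfg
    - perfdata.cfg
    - ping.cfg
    - rsyslog.cfg
    - smtp.cfg
    - ssh.cfg
    - tcp.cfg
    - testcloud.cfg
    - udp.cfg
    - unbound.cfg
  tags:
    - nagios-config
    - nagios_server
  notify: restart nagios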

## Copy over the contacts
- name: Copy /etc/nagios/contacts
  # Syncs the whole contacts directory rather than a fixed list of files.
  # NOTE(review): the delete option is not set, so a contact file removed from
  # the source tree stays on the server - confirm stale contacts are cleaned
  # up another way.
  synchronize:
    src: nagios/contacts/
    dest: /etc/nagios/contacts/
  notify: restart nagios
  tags:
    - nagios-config
    - nagios_server

## Copy over the contactgroups
- name: Copy /etc/nagios/contactgroups
  # Syncs the whole contactgroups directory rather than a fixed list of files.
  # NOTE(review): the delete option is not set, so a group file removed from
  # the source tree stays on the server - confirm that is intended.
  synchronize:
    src: nagios/contactgroups/
    dest: /etc/nagios/contactgroups/
  notify: restart nagios
  tags:
    - nagios-config
    - nagios_server

## Copy over the hosts
- name: Copy /etc/nagios/hosts
  # Copies the contents of the role's nagios/hosts/ directory (note the
  # trailing slash on src).
  # NOTE(review): no owner, group or mode is given here, unlike the templated
  # host files written to the same directory - confirm the resulting
  # permissions are what is wanted.
  copy:
    src: nagios/hosts/
    dest: /etc/nagios/hosts/
  notify: restart nagios
  tags:
    - nagios-config
    - nagios_server

## Copy over the services
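- name: Copy /etc/nagios/services (PHX2)
  # Service definitions for the internal production server. Ownership and mode
  # are pinned to root / 0644, the same as the templated service files in this
  # directory, instead of depending on the umask or on an existing file.
  copy:
    src: "nagios/services/{{ item }}"
    dest: "/etc/nagios/services/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - autocloud.cfg
    - basset.cfg
    - copr.cfg
    - db_backups.cfg
    - disk.cfg
    - dns.cfg
    - fedmsg.cfg
    - file_age.cfg
    - fmn.cfg
    - haproxy.cfg
    - ipa.cfg
    - koji.cfg
    - koschei.cfg
    - locking.cfg
    - mail_queue.cfg
    - mailman.cfg
    - memcached.cfg
    - nagios.cfg
    - nrpe.cfg
    - osbs.cfg
    - pagure_redis.cfg
    - pgsql.cfg
    - ping.cfg
    - procs.cfg
    - raid.cfg
    - smtp-mm.cfg
    - ssh.cfg
    - ssl.cfg
    - swap.cfg
    - templates.cfg
    - unbound.cfg
    - vpnclients.cfg
  tags:
    - nagios-config
    - nagios_server
  when:
    - env == "production"
    - nagios_location == "internal"
  notify: restart nagios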

## Copy over the services
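- name: Copy /etc/nagios/services (External)
  # Service definitions for the external production server. Ownership and mode
  # are pinned to root / 0644 instead of depending on the umask or on an
  # existing file's permissions.
  copy:
    src: "nagios/services/{{ item }}"
    dest: "/etc/nagios/services/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - dns.cfg
    - smtp-mm.cfg
    - templates.cfg
  tags:
    - nagios-config
    - nagios_server
  when:
    - env == "production"
    - nagios_location == "external"
  notify: restart nagios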

## Copy over the services
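- name: Copy /etc/nagios/services (staging)
  # Service definitions for staging. Ownership and mode are pinned to
  # root / 0644 instead of depending on the umask or on an existing file's
  # permissions.
  copy:
    src: "nagios/services/{{ item }}"
    dest: "/etc/nagios/services/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - mail_queue.cfg
    - ping.cfg
    - templates.cfg
  tags:
    - nagios-config
    - nagios_server
  when: env == "staging"
  notify: restart nagios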

## Copy over the servicegroups
- name: Copy /etc/nagios/servicegroups
  # Syncs the static servicegroup files; internal servers only.
  # NOTE(review): the delete option is not set, so files removed from the
  # source tree stay on the server - confirm that is intended.
  synchronize:
    src: nagios/servicegroups/
    dest: /etc/nagios/servicegroups/
  when: nagios_location == "internal"
  notify: restart nagios
  tags:
    - nagios-config
    - nagios_server

## Copy over the plugins
- name: Copy plugins
  # Check plugins are installed root-owned and 0755: executable by all,
  # writable by root only.
  copy:
    src: nagios/plugins/
    dest: /usr/lib64/nagios/plugins/
    owner: root
    group: root
    mode: "0755"
  tags:
    - nagios_server

## Copy over the programs
- name: Copy irc-colorize.py
  # Helper script in /usr/local/bin: root-owned, 0755 (writable by root only).
  copy:
    src: nagios/scripts/irc-colorize.py
    dest: /usr/local/bin/irc-colorize.py
    owner: root
    group: root
    mode: "0755"
  tags:
    - nagios_server

- name: Copy check_nagios_notifications.py
  # Root-owned, 0755. The cron task in this file runs this path as the nagios
  # user, which can execute the script but not modify it.
  copy:
    src: nagios/scripts/check_nagios_notifications.py
    dest: /usr/local/bin/check_nagios_notifications.py
    owner: root
    group: root
    mode: "0755"
  tags:
    - nagios_server


- name: Copy robots.txt
  # Static robots.txt for the web root; no owner, group or mode is set, so the
  # module defaults apply.
  copy:
    src: httpd/robots.txt
    dest: /var/www/robots.txt
  tags:
    - nagios_server

## Build template files
# This one may go to being just a regular config file if we can make remote monitoring work
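- name: Template out the nagios httpd conf
  # Ownership and mode are pinned to root / 0644, as the other template tasks
  # in this file do, so the web server configuration is writable by root only
  # regardless of the umask or of an existing file's permissions.
  # NOTE(review): no handler is notified, so httpd reads a changed file only
  # when it is reloaded by other means - confirm.
  template:
    src: "httpd/{{ item }}.j2"
    dest: "/etc/httpd/conf.d/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - nagios.conf
  tags:
    - nagios_server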

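- name: Template out the nagios httpd conf
  # External production server only. Ownership and mode are pinned to
  # root / 0644, as the other template tasks in this file do, so the file is
  # writable by root only regardless of the umask or an existing file.
  # NOTE(review): no handler is notified, so httpd reads a changed file only
  # when it is reloaded by other means - confirm.
  template:
    src: "httpd/{{ item }}.j2"
    dest: "/etc/httpd/conf.d/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - "0_nagios-external.conf"
  tags:
    - nagios_server
  when:
    - env == "production"
    - nagios_location == "external"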

- name: Template out the cgi.cfg
  # Rendered root-owned and 0644; a change notifies "restart nagios".
  # NOTE(review): cgi.cfg normally carries the web UI authorization settings,
  # so the rendered result is worth reviewing per environment - confirm
  # against the template.
  template:
    src: nagios/configs/cgi.cfg.j2
    dest: /etc/nagios/cgi.cfg
    owner: root
    group: root
    mode: "0644"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Override config.inc.php for the given environment
  # Mode 0640 with group apache: root may write, the apache group may read,
  # everyone else gets no access.
  template:
    src: nagios/config.inc.php.j2
    dest: /usr/share/nagios/html/config.inc.php
    owner: root
    group: apache
    mode: "0640"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Template over commands
  # Renders the templated command definition(s) root-owned and 0644.
  template:
    src: "nagios/commands/{{ item }}.j2"
    dest: "/etc/nagios/commands/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - postgres.cfg
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Template over services (internal)
  # Internal production server only; files are root-owned and 0644.
  template:
    src: "nagios/services/{{ item }}.j2"
    dest: "/etc/nagios/services/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - phx2-mgmt.cfg
    - mirrorlist-proxies.cfg
  when:
    - env == "production"
    - nagios_location == "internal"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Template over services (both)
  # Applies to every production server, internal or external; files are
  # root-owned and 0644.
  template:
    src: "nagios/services/{{ item }}.j2"
    dest: "/etc/nagios/services/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - websites.cfg
  when: env == "production"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config
    - websites



- name: Build out nagios host templates (production)
  # Host definitions rendered on every production server; files are
  # root-owned and 0644.
  template:
    src: "nagios/hosts/{{ item }}.j2"
    dest: "/etc/nagios/hosts/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - bodhost-hosts.cfg
    - cloud-hosts.cfg
    - coloamer-hosts.cfg
    - dedicatedsolutions-hosts.cfg
    - host1plus-hosts.cfg
    - gateway-hosts.cfg
    - ibiblio-hosts.cfg
    - internetx-hosts.cfg
    - osuosl-hosts.cfg
    - other.cfg
    - rdu-cc-hosts.cfg
    - rdu-hosts.cfg
    - tummy-hosts.cfg
  when: env == "production"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

## These are only available to the internal server
- name: Build out nagios host templates (production)
  # Host lists rendered only on the internal production server, so the
  # external server does not receive them.
  template:
    src: "nagios/hosts/{{ item }}.j2"
    dest: "/etc/nagios/hosts/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - phx2-hosts.cfg
    - phx2-mgmt-hosts.cfg
    - staging-hosts.cfg
  when:
    - env == "production"
    - nagios_location == "internal"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Build out nagios host templates (production)
  # Host list rendered only on the external production server.
  template:
    src: "nagios/hosts/{{ item }}.j2"
    dest: "/etc/nagios/hosts/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - phx2-external.cfg
  when:
    - env == "production"
    - nagios_location == "external"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config



- name: Build out nagios host templates (staging)
  # Host lists rendered on the staging server; files are root-owned and 0644.
  template:
    src: "nagios/hosts/{{ item }}.j2"
    dest: "/etc/nagios/hosts/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - phx2-hosts.cfg
    - staging-hosts.cfg
    - phx2-mgmt-hosts.cfg
  when: env == "staging"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Build out nagios hostgroup templates
  # Hostgroup definitions for internal servers; files are root-owned and 0644.
  template:
    src: "nagios/hostgroups/{{ item }}.j2"
    dest: "/etc/nagios/hostgroups/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - all.cfg
    - vpnclients.cfg
    - nomail.cfg
    - checkswap.cfg
  when: nagios_location == "internal"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Build out nagios hostgroup templates
  # Hostgroup definition for external servers; the file is root-owned and 0644.
  template:
    src: "nagios/hostgroups/{{ item }}.j2"
    dest: "/etc/nagios/hostgroups/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - all-external.cfg
  when: nagios_location == "external"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config

- name: Build out nagios servicegroup templates
  # Servicegroup definitions for internal servers; files are root-owned and 0644.
  template:
    src: "nagios/servicegroups/{{ item }}.j2"
    dest: "/etc/nagios/servicegroups/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - bodhi.cfg
    - freemedia.cfg
    - mgmt-https.cfg
    - pkgdb.cfg
    - fas.cfg
    - fp-wiki.cfg
    - ipa.cfg
    - mgmt-http.cfg
    - mirrorlist.cfg
  when: nagios_location == "internal"
  notify: restart nagios
  tags:
    - nagios_server
    - nagios-config


## Copy over the servicedeps
## Setup the cron jobs

- name: Install check_nagios_notifications cron
  # Runs at 00:00 on weekday 1 as the nagios user, not as root.
  cron:
    name: check_nagios_notifications
    minute: "0"
    hour: "0"
    weekday: "1"
    user: nagios
    job: /usr/local/bin/check_nagios_notifications.py
  tags:
    - nagios_server

## Handle selinux annoyances - roughly copied from fedmsg role
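- name: Ensure a directory exists for our custom selinux module
  # The policy package kept here is later loaded with semodule by this role,
  # so the directory is pinned to root ownership with no group/other write bit
  # instead of inheriting whatever the umask or an existing directory provides.
  file:
    dest: /usr/local/share/nagios-policy
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - nagios_server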

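- name: Copy over our custom selinux module
  # The compiled policy package is loaded into the SELinux policy by the next
  # task, so it is written root-owned and 0644 rather than with default
  # permissions: only root can replace what gets loaded.
  copy:
    src: selinux/nagios_hostname.pp
    dest: /usr/local/share/nagios-policy/nagios_hostname.pp
    owner: root
    group: root
    mode: "0644"
  # The result is registered so the install task runs only when the file changed.
  register: selinux_module
  tags:
    - nagios_server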

- name: Install our custom selinux module
  # Loads the policy package with semodule, and only when the copy task that
  # registered selinux_module reported a change.
  # NOTE(review): a failed load is not retried on the next run, because the
  # copy will then report no change - confirm that is acceptable.
  command: semodule -i /usr/local/share/nagios-policy/nagios_hostname.pp
  tags:
    - nagios_server
  when: selinux_module is changed
